Pages

Monday, November 5, 2012

Cyber Security Policy Of India

Cyber Security is an issue that tries to protect and
preserve the Information Technology Infrastructure (ITI) of a Nation.
Since Cyberspace is boundary less it is possible to attack the ITI of
any Nation from any place.

We are still dealing with the Cyber
Security issues in India. Although India has formulated
the Cyber Security Strategy but it is more on the side of prescribed
guidelines alone. The practical and actual implementation of the same
is still missing.

Policies and Strategies issues are best
implemented practically and effectively if they are made part of the
National Policies. Till now we have not formulated a National
Cyber Security Policy of India that is implantable at
National level.

Till now there is no National Cyber Security Policy of
India that covers these issues and is implementing the same. Our
websites are frequently defaced, strategic computers are often
compromised, sensitive defence documents are occasionally stolen and
cyber espionage against India is frequently committed.

I also
understand that it is not possible to have an absolute Cyber
Security. The notion of having an absolute Cyber Security is a “Myth”
as we cannot ensure absolute Cyber security anywhere. There are
exploits and vulnerabilities, both hardware and software based, that
cannot be anticipated and tackled in advance. In fact, “Zero Days
Exploits” are the most difficult one to anticipate and handle. In
these types of exploits all Cyber Security Measures proves
ineffective and futile.

Further, human beings are usually the
weakest link in the Cyber Security infrastructure and Social
Engineering is the easiest way to break into a Computer System.
Besides being easy, Social Engineering can be incredibly cheap.
Social Engineering is the hardest form of attack to defend against
because an individual or organisation cannot protect itself with
hardware or software alone.

Both Government Departments and
Private Companies must have good employee’s awareness activities
and information dealing policies in place and the employees must
strictly follow these policies. The employees must be willing to ask
relevant questions while dealing with a request to provide sensitive
information.

Indian Government must also focus upon Techno
Legal Cyber Security Skill Development for its employees
and departments. Suitable Techno Legal Cyber
Security Courses must be made available to Government
departments and employees. All these issues must be made part of the
Cyber Security Policy of India that should be formulated and
implemented as soon as possible.